CVE-2026-33378

Same vendor

• CVE-2026-33381 — When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the... (5.9 MEDIUM)
• CVE-2026-33380 — A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem (6.3 MEDIUM)
• CVE-2026-33377 — An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard (7.1 HIGH)
• CVE-2026-33376 — When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses (7.4 HIGH)
• CVE-2026-28383 — A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory (6.5 MEDIUM)

Same CWE

• CVE-2026-12325 — Denial-of-service in the Graphics: ImageLib component (6.5 MEDIUM)
• CVE-2026-12319 — Denial-of-service in the Audio/Video: Playback component (6.5 MEDIUM)
• CVE-2026-50889 — An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending ... (7.5 HIGH)
• CVE-2026-50882 — An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted PO... (7.5 HIGH)
• CVE-2026-50879 — An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a ... (7.5 HIGH)